package com.qianfeng.smartmetting.authiority;


import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
//import org.springframework.security.access.AccessDeniedException;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Aspect
@Component
public class PermissionAspect {

//    //用来判断当前用户的权限是否包含requirePermission 注解中的权限
//    @Around("@annotation(requirePermission)")
//    public Object checkPermission(ProceedingJoinPoint joinPoint
//            ,RequirePermission requirePermission)throws Throwable {
//        //获取当前用户的权限集合
//        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
//        //获取requirePermission 注解中的权限信息
//        String[] requirePermissionValue = requirePermission.value();
//
//        //判断当前用户的权限信息是否包含注解中的权限信息 **
//        boolean falg = authentication.getAuthorities().stream().anyMatch(authority -> {
//            for (String permission : requirePermissionValue) {
//                if (authority.getAuthority().equals(permission)) {
//                    return true;
//                }
//            }
//            return false;
//        });
//        //如果当前用户权限不包含注解中的权限信息，抛出异常
//        if (!falg){
//            throw new AccessDeniedException("缺少所需权限: " + String.join(",", requirePermissionValue));
//        }
//        return  joinPoint.proceed();
//    }
}
